info_i_25x25.png See important information about Ubiquiti Devices and KRACK Vulnerability in this article. We will update this document as more information becomes available.

EdgeRouter - IPsec Policy-Based Site-to-Site VPN to Juniper SRX

 Overview


Readers will learn how to configure a Policy-Based Site-to-Site IPsec VPN between an EdgeRouter and a Juniper SRX.

A Policy-Based VPN is characterized by the definition of local and remote subnets (proxy IDs). This type of VPN differs from a Route-Based VPN which is characterized by the usage of Virtual Tunnel Interfaces (VTIs) and routing entries.

book_25x25.png    NOTES & REQUIREMENTS:

Applicable to EdgeOS 1.9.7 + firmware in all EdgeRouter models. Knowledge of the Command Line Interface (CLI), Junos, and advanced networking knowledge is required. Please see the Related Articles below for more information and see the attachments for the configurations used in this article.

 

Equipment used in this article:

- EdgeRouter-X (ER-X)

- Juniper SRX

- Test clients behind the peers (Host1 and Server1)

Table of Contents


  1. Network Diagram
  2. Steps: Policy-Based VPN
  3. Steps: Juniper SRX VPN
  4. Steps: Testing & Verification
  5. Related Articles

Network Diagram


Back to Top

The network topology is shown below. The following interfaces are in use on the EdgeRouter and the Juniper SRX:

ER-X

  1. eth0 (WAN) - 203.0.113.1
  2. eth1 (LAN) - 192.168.1.1/24

Juniper SRX

  1. ge-0/0/0 (WAN) - 192.0.2.1
  2. ge-0/0/1 (LAN) - 172.16.1.1/24


Steps: Policy-Based VPN


Back to Top

For the purpose of this article it is assumed that the routing and interface configuration is already in place and that reachability has been tested.

The UDP ports and protocols relevant to IPsec are:

  1. UDP 500 (IKE)
  2. ESP (Protocol 50)
  3. UDP 4500 (NAT-T)

The type of VPN that will be created is called a Policy-Based VPN which uses remote and local subnets, otherwise known as proxy IDs. These values need to match exactly between the two peers and need to be mirrored images of each other. Only the prefixes defined in the proxy IDs will be carried over the tunnel. In the example ER has the 192.168.1.0/24 present on the LAN side, whereas the Juniper side uses 172.16.1.0/24.

The first part of the configuration focuses on the ER, afterwards the VPN will be set up on the SRX.

CLI_circle.png  CLI STEPS: Access the command line interface (CLI). You can do this using the CLI button in the GUI or by using a program such as PuTTY.

1. Enter configuration mode.

configure

2. Exclude IPsec traffic from NAT and allow the automatic creation of the firewall rules.

set vpn ipsec auto-firewall-nat-exclude enable

3. Create the IKE proposal (P1) and Security Associations (SAs).

set vpn ipsec ike-group FOO0 lifetime 86400
set vpn ipsec ike-group FOO0 proposal 1 dh-group 14
set vpn ipsec ike-group FOO0 proposal 1 encryption aes256
set vpn ipsec ike-group FOO0 proposal 1 hash sha256

4. Create the ESP proposal (P2) and Security Associations (SAs).

set vpn ipsec esp-group FOO0 lifetime 43200
set vpn ipsec esp-group FOO0 pfs disable
set vpn ipsec esp-group FOO0 proposal 1 encryption aes128
set vpn ipsec esp-group FOO0 proposal 1 hash md5
info_i_25x25.png Note: The choices for SAs in this example are based on optimizing the VPN for performance, stability and security. The IKE proposal focuses on security (AES256 + SHA256), whereas the ESP proposal focuses on performance (AES128 + MD5). Whatever set of SAs are chosen, make sure that the settings for Phase 1 (P1) and Phase 2 (P2) match on both sides of the connection.

5. Define the peer address and the pre-shared-key (replace <secret> with your desired passphrase).

set vpn ipsec site-to-site peer 192.0.2.1 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 192.0.2.1 authentication pre-shared-secret <secret>
set vpn ipsec site-to-site peer 192.0.2.1 description IPsec

6. Define the local source address (public IP) of the Site-to-Site VPN connection.

set vpn ipsec site-to-site peer 192.0.2.1 local-address 203.0.113.1
info_i_25x25.png Note: It is also possible to use a non-static IP address for the WAN connection. In the case of DHCP, please use set ... peer 192.0.2.1 dhcp-interface eth0. For PPPoE interfaces or load-balancing scenarios it is currently recommend to use set ... peer 192.0.2.1 local-address 0.0.0.0 over local-address any.

7. Link the IKE proposal to the Site-to-Site connection.

set vpn ipsec site-to-site peer 192.0.2.1 ike-group FOO0

8. Create a tunnel that defines the remote and local subnets (proxy IDs) and link the ESP proposal.

set vpn ipsec site-to-site peer 192.0.2.1 tunnel 1 esp-group FOO0
set vpn ipsec site-to-site peer 192.0.2.1 tunnel 1 local prefix 192.168.1.0/24
set vpn ipsec site-to-site peer 192.0.2.1 tunnel 1 remote prefix 172.16.1.0/24

9. (Optional) Enable the IPsec offloading feature to increase ESP (not IKE) performance.

set system offload ipsec enable (this requires a reboot to become active)

10. Commit the changes.

commit

11. Save the configuration.

save

Steps: Juniper SRX VPN


Back to Top

Please make sure that the latest stable version of Junos is being used and that the device is capable of reaching the internet. The Juniper side of the Site-to-Site VPN connection is based on the following IPsec article: Configuring a Policy-Based VPN

CLI_circle.png  CLI STEPS: Access the Junos command line interface (CLI). 

1. Enter configuration mode.

configure

2. Link the interfaces to the relevant zones and allow IKE (UDP500) on the WAN interface.

set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone untrust host-inbound-traffic system-services ike
info_i_25x25.png Note: In this article unit 0 is used for all relevant interfaces. The zones ‘untrust’ and ‘trust’ are the default zones and do not necessarily match other environments.

3. Define the local and remote subnets as address ranges in an address book.

set security address-book global address remote 192.168.1.0/24
set security address-book global address local 172.16.1.0/24

4. Allow the IPsec traffic between the ‘untrust’ and ‘trust’ zones and link the address books.

set security policies from-zone trust to-zone untrust policy trust-to-ipsec match source-address local
set security policies from-zone trust to-zone untrust policy trust-to-ipsec match destination-address remote
set security policies from-zone trust to-zone untrust policy trust-to-ipsec match application any
set security policies from-zone trust to-zone untrust policy trust-to-ipsec then permit tunnel ipsec-vpn IPsec
set security policies from-zone trust to-zone untrust policy trust-to-ipsec then permit tunnel pair-policy ipsec-to-trust

set security policies from-zone untrust to-zone trust policy ipsec-to-trust match source-address remote
set security policies from-zone untrust to-zone trust policy ipsec-to-trust match destination-address local
set security policies from-zone untrust to-zone trust policy ipsec-to-trust match application any
set security policies from-zone untrust to-zone trust policy ipsec-to-trust then permit tunnel ipsec-vpn IPsec
set security policies from-zone untrust to-zone trust policy ipsec-to-trust then permit tunnel pair-policy trust-to-ipsec
info_i_25x25.png Note: The tunnel pair-policy statement links the ‘untrust to-zone trust’ to the ‘trust to-zone untrust’ policy and vice versa. These policies basically link the address books to the IPsec tunnel and define the local and remote subnets (proxy IDs).

5. Make sure that the IPsec traffic policies are matched before the existing policy rules.

insert security policies from-zone trust to-zone untrust policy trust-to-ipsec before policy default-permit
insert security policies from-zone untrust to-zone trust policy ipsec-to-trust before policy default-deny

6. Exclude IPsec traffic from being translated in NAT.

set security nat source rule-set sourcenat from zone trust
set security nat source rule-set sourcenat to zone untrust
set security nat source rule-set sourcenat rule nat match source-address 0.0.0.0/0

set security nat source rule-set sourcenat rule nat match destination-address 0.0.0.0/0
set security nat source rule-set sourcenat rule nat then source-nat interface

set security nat source rule-set sourcenat rule ipsec match source-address-name local
set security nat source rule-set sourcenat rule ipsec match destination-address-name remote
set security nat source rule-set sourcenat rule ipsec then source-nat off

7. Make sure that the IPsec NAT exclusion rule is matched before the existing Source-NAT rule.

insert security nat source rule-set sourcenat rule ipsec before rule nat
info_i_25x25.png Note: This article assumes that Source-NAT has not already been configured on the device. If the NAT rule already exists, please make sure that the new IPsec rule is placed in front of the existing NAT rule using the insert statement.

8. Create the IKE proposal (IKEProposal) matching the defined SAs on the EdgeRouter.

set security ike proposal IKEProposal authentication-method pre-shared-keys
set security ike proposal IKEProposal dh-group group14
set security ike proposal IKEProposal authentication-algorithm sha-256
set security ike proposal IKEProposal encryption-algorithm aes-256-cbc
set security ike proposal IKEProposal lifetime-seconds 86400

9. Create the IKE policy (IKEPolicy) and link it to the IKE proposal (replace <secret> with your desired passphrase).

set security ike policy IKEPolicy mode main
set security ike policy IKEPolicy proposals IKEProposal
set security ike policy IKEPolicy pre-shared-key ascii-text <secret>

10. Create the IKE gateway (IKEGateway) and link it to the IKE policy.

set security ike gateway IKEGateway ike-policy IKEPolicy
set security ike gateway IKEGateway address 203.0.113.1
set security ike gateway IKEGateway external-interface ge-0/0/0
set security ike gateway IKEGateway local-address 192.0.2.1

11. Create the ESP proposal (ESPProposal) matching the defined SAs on the EdgeRouter.

set security ipsec proposal ESPProposal protocol esp
set security ipsec proposal ESPProposal authentication-algorithm hmac-md5-96
set security ipsec proposal ESPProposal encryption-algorithm aes-128-cbc
set security ipsec proposal ESPProposal lifetime-seconds 43200

12. Create the ESP policy (ESPPolicy) and link it to the ESP proposal.

set security ipsec policy ESPPolicy proposals ESPProposal

13. Create the VPN IPsec connection and link it to the IKE gateway and ESP policy.

set security ipsec vpn IPsec ike gateway IKEGateway
set security ipsec vpn IPsec ike ipsec-policy ESPPolicy

14. (Optional) Activate traceoptions for IKE to log messages for troubleshooting purposes.

set security ike traceoptions flag all
set security ike traceoptions file ike.log
info_i_25x25.png Note: If not needed anymore, please make sure that the traceoptions are either deactivated (deactivate security ike traceoptions) or removed from the configuration.

15. Commit the changes.

commit

Steps: Testing & Verification


Back to Top

After configuring the IPsec VPN, verify the connection/state using the following commands.

1. Verify the IPsec Security Associations (SAs) and status on the ER:

show vpn ipsec sa
peer-192.0.2.1-tunnel-1: #1, ESTABLISHED, IKEv1, 184447c009d51f80:14cc0f13aff401c0

 local  '203.0.113.1' @ 203.0.113.1
 remote '192.0.2.1' @ 192.0.2.1
 AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
 established 237s ago, reauth in 85347s
 peer-192.0.2.1-tunnel-1: #1, INSTALLED, TUNNEL, ESP:AES_CBC-128/HMAC_MD5_96
   installed 237 ago, rekeying in 41939s, expires in 42964s
   in  cb321982,    180 bytes,     3 packets,   231s ago
   out 5d4174b1,    180 bytes,     3 packets,   231s ago
   local  192.168.1.0/24
   remote 172.16.1.0/24 

sudo ipsec statusall
Status of IKE charon daemon (strongSwan 5.2.2, Linux 3.10.14-UBNT, mips):

 uptime: 10 minutes, since Mar 12 09:05:48 2017
 malloc: sbrk 376832, mmap 0, used 269320, free 107512
 worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
 Listening IP addresses:
 203.0.113.1
 192.168.1.1
Connections:
peer-192.0.2.1-tunnel-1:  203.0.113.1...192.0.2.1  IKEv1
peer-192.0.2.1-tunnel-1:   local:  [203.0.113.1] uses pre-shared key authentication
peer-192.0.2.1-tunnel-1:   remote: [192.0.2.1] uses pre-shared key authentication
peer-192.0.2.1-tunnel-1:   child:  192.168.1.0/24 === 172.16.1.0/24 TUNNEL
Routed Connections:
peer-192.0.2.1-tunnel-1{1}:  ROUTED, TUNNEL
peer-192.0.2.1-tunnel-1{1}:   192.168.1.0/24 === 172.16.1.0/24
Security Associations (1 up, 0 connecting):
peer-192.0.2.1-tunnel-1[1]: ESTABLISHED 5 minutes ago, 203.0.113.1[203.0.113.1]...192.0.2.1[192.0.2.1]
peer-192.0.2.1-tunnel-1[1]: IKEv1 SPIs: 184447c009d51f80_i* 14cc0f13aff401c0_r, pre-shared key reauthentication in 23 hours
peer-192.0.2.1-tunnel-1[1]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
peer-192.0.2.1-tunnel-1{1}:  INSTALLED, TUNNEL, ESP SPIs: cb321982_i 5d4174b1_o
peer-192.0.2.1-tunnel-1{1}:  AES_CBC_128/HMAC_MD5_96, 180 bytes_i (3 pkts, 324s ago), 180 bytes_o (3 pkts, 324s ago)
peer-192.0.2.1-tunnel-1{1}:   192.168.1.0/24 === 172.16.1.0/24

2. Verify the ER IPsec strongSwan configuration:

sudo cat /etc/ipsec.conf
# generated by /opt/vyatta/sbin/vpn-config.pl


config setup

conn %default
       keyexchange=ikev1

conn peer-192.0.2.1-tunnel-1
       left=203.0.113.1
       right=192.0.2.1
       leftsubnet=192.168.1.0/24
       rightsubnet=172.16.1.0/24
       ike=aes256-sha256-modp2048!
       keyexchange=ikev1
       ikelifetime=86400s
       esp=aes128-md5!
       keylife=43200s
       rekeymargin=540s
       type=tunnel
       compress=no
       authby=secret
       auto=route
       keyingtries=%forever
#conn peer-192.0.2.1-tunnel-1

3. Capture the arrival of IKE traffic on the ER external WAN interface:

sudo tcpdump -i eth0 -n udp dst port 500   
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
IP 203.0.113.1.500 > 192.0.2.1.500: isakmp: phase 1 I ident
IP 192.0.2.1.500 > 203.0.113.1.500: isakmp: phase 1 R ident
IP 203.0.113.1.500 > 192.0.2.1.500: isakmp: phase 1 I ident[E]
IP 192.0.2.1.500 > 203.0.113.1.500: isakmp: phase 1 R ident[E]
IP 203.0.113.1.500 > 192.0.2.1.500: isakmp: phase 2/others I oakley-quick[E]
IP 192.0.2.1.500 > 203.0.113.1.500: isakmp: phase 2/others R oakley-quick[E]
info_i_25x25.png Note: This is a live capture. If there is no output that means that the traffic is either not being generated on the client, or there is something blocking the traffic upstream.

4. Capture the ER IPsec VPN logs:

sudo swanctl --log
[KNL] creating acquire job for policy 192.168.1.10/32[icmp/8] === 172.16.1.10/32[icmp/8] with reqid {1}

[IKE] initiating Main Mode IKE_SA peer-192.0.2.1-tunnel-1[1] to 192.0.2.1
[ENC] generating ID_PROT request 0 [ SA V V V V ]
[NET] sending packet: from 203.0.113.1[500] to 192.0.2.1[500] (160 bytes)
[NET] received packet: from 192.0.2.1[500] to 203.0.113.1[500] (108 bytes)
[ENC] parsed ID_PROT response 0 [ SA V ]
[IKE] received NAT-T (RFC 3947) vendor ID
[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
[ENC] parsed ID_PROT response 0 [ ID HASH ]
[IKE] IKE_SA peer-192.0.2.1-tunnel-1[1] established between 203.0.113.1[203.0.113.1]...192.0.2.1[192.0.2.1]
[ENC] generating QUICK_MODE request 561157166 [ HASH SA No ID ID ]
[ENC] parsed QUICK_MODE response 561157166 [ HASH SA No ID ID N((24576)) ]
[IKE] CHILD_SA peer-192.0.2.1-tunnel-1{1} established with SPIs cb321982_i 5d4174b1_o and TS 192.168.1.0/24 === 172.16.1.0/24
info_i_25x25.png Note: This is also live capture. If there is no output that means that the traffic is either not being allowed through the firewall. Alternatively you can use the show vpn log | no-more command to view the entire IPsec log history.

5. Verify the IPsec Security Associations (SAs) and statistics on the SRX:

show security ike sa
Index   State  Initiator cookie  Responder cookie  Mode           Remote Address   

697909  UP     9e9c73d889be2378  abbed46436bd025b  Main           203.0.113.1     

show security ike sa detail
IKE peer 203.0.113.1, Index 2264724, Gateway Name: IKEGateway

 Role: Responder, State: UP
 Initiator cookie: 091c0d059ea7afbe, Responder cookie: baf3c7ea2c2f5016
 Exchange type: Main, Authentication method: Pre-shared-keys
 Local: 192.0.2.1:500, Remote: 203.0.113.1:500
 Lifetime: Expires in 86206 seconds
 Peer ike-id: 203.0.113.1
 Xauth assigned IP: 0.0.0.0
 Algorithms:
  Authentication        : hmac-sha256-128
  Encryption            : aes256-cbc
  Pseudo random function: hmac-sha256
  Diffie-Hellman group  : DH-group-14
 Traffic statistics:
  Input  bytes  :                  928
  Output bytes  :                  788
  Input  packets:                    5
  Output packets:                    4
 Flags: IKE SA is created
 IPSec security associations: 1 created, 0 deleted
 Phase 2 negotiations in progress: 0
   Negotiation type: Quick mode, Role: Responder, Message ID: 0
   Local: 192.0.2.1:500, Remote: 203.0.113.1:500
   Local identity: 192.0.2.1           
   Remote identity: 203.0.113.1
   Flags: IKE SA is created

show security ipsec sa
 Total active tunnels: 1
 ID    Algorithm       SPI      Life:sec/kb  Mon lsys Port  Gateway   
 <2    ESP:aes-cbc-128/md5 14ce38b 42981/unlim -  root 500   203.0.113.1     
 >2    ESP:aes-cbc-128/md5 cf29ade9 42981/unlim - root 500   203.0.113.1

show security ipsec sa detail
 ID: 2 Virtual-system: root, VPN Name: IPsec

 Local Gateway: 192.0.2.1, Remote Gateway: 203.0.113.1
 Local Identity: ipv4_subnet(any:0,[0..7]=172.16.1.0/24)
 Remote Identity: ipv4_subnet(any:0,[0..7]=192.168.1.0/24)
 Version: IKEv1
   DF-bit: clear
   Policy-name: trust-to-ipsec
 Port: 500, Nego#: 1, Fail#: 0, Def-Del#: 0 Flag: 0x600829
 Last Tunnel Down Reason: SA not initiated
   Direction: inbound, SPI: 14ce38b, AUX-SPI: 0
                             , VPN Monitoring: -
   Hard lifetime: Expires in 42965 seconds
   Lifesize Remaining:  Unlimited
   Soft lifetime: Expires in 42376 seconds
   Mode: Tunnel(0 0), Type: dynamic, State: installed
   Protocol: ESP, Authentication: hmac-md5-96, Encryption: aes-cbc (128 bits)
   Anti-replay service: counter-based enabled, Replay window size: 64 

   Direction: outbound, SPI: cf29ade9, AUX-SPI: 0
                             , VPN Monitoring: -
   Hard lifetime: Expires in 42965 seconds
   Lifesize Remaining:  Unlimited
   Soft lifetime: Expires in 42376 seconds
   Mode: Tunnel(0 0), Type: dynamic, State: installed
   Protocol: ESP, Authentication: hmac-md5-96, Encryption: aes-cbc (128 bits)
   Anti-replay service: counter-based enabled, Replay window size: 64 

show security ipsec statistics   
ESP Statistics:

 Encrypted bytes:              360
 Decrypted bytes:              180
 Encrypted packets:              3
 Decrypted packets:              3
AH Statistics:
 Input bytes:                    0
 Output bytes:                   0
 Input packets:                  0
 Output packets:                 0
Errors:
 AH authentication failures: 0, Replay errors: 0
 ESP authentication failures: 0, ESP decryption failures: 0
 Bad headers: 0, Bad trailers: 0

6. Verify the security policies on the SRX:

show security policies detail                                    
Policy: trust-to-ipsec, action-type: permit, State: enabled, Index: 5, Scope Policy: 0

 Policy Type: Configured
 Sequence number: 1
 From zone: trust, To zone: untrust
 Source addresses:                     
   local(global): 172.16.1.0/24
 Destination addresses:
   remote(global): 192.168.1.0/24
 Application: any
   IP protocol: 0, ALG: 0, Inactivity timeout: 0
     Source port range: [0-0]
     Destination port range: [0-0]
 Per policy TCP Options: SYN check: No, SEQ check: No
 Tunnel: IPsec, Type: IPSec, Index: 2
   Pair policy: ipsec-to-trust

Policy: ipsec-to-trust, action-type: permit, State: enabled, Index: 7, Scope Policy: 0
 Policy Type: Configured
 Sequence number: 1
 From zone: untrust, To zone: trust
 Source addresses:
   remote(global): 192.168.1.0/24
 Destination addresses:
   local(global): 172.16.1.0/24
 Application: any
   IP protocol: 0, ALG: 0, Inactivity timeout: 0
     Source port range: [0-0]
     Destination port range: [0-0]
 Per policy TCP Options: SYN check: No, SEQ check: No
 Tunnel: IPsec, Type: IPSec, Index: 2
   Pair policy: trust-to-ipsec

7. Analyze the IKE logs (if captured with traceoptions) on the SRX:

file show /var/log/ike.log
Successfully added SA Config

iked_pm_ike_spd_notify_request: Sending Initial contact
ssh_ike_connect: Start, remote_name = 203.0.113.1:500, xchg = 2, flags = 00090000
ike_init_isakmp_sa: Start, remote = 203.0.113.1:500, initiator = 1
ike_find_pre_shared_key: Find pre shared key key for 192.0.2.1:500, id = No Id -> 203.0.113.1:500, id = No Id
ikev2_fb_qm_local_id: Using ipv4_subnet(any:0,[0..7]=172.16.1.0/24) as local QM identity
ikev2_fb_qm_remote_id: Using ipv4_subnet(any:0,[0..7]=192.168.1.0/24) as remote QM identity
ike_send_notify: Connected, SA = { 9e9c73d8 89be2378 - abbed464 36bd025b}, nego = -1
iked_pm_ike_sa_done: local:192.0.2.1, remote:203.0.113.1 IKEv1
IKE negotiation done for local:192.0.2.1, remote:203.0.113.1 IKEv1 with status: Error ok
Added (spi=0x86968a35, protocol=0) entry to the spi table
Added (spi=0x630753c, protocol=0) entry to the spi table
Added (spi=0x86968a35, protocol=ESP dst=192.0.2.1) entry to the peer hash table
Added (spi=0xcad56e88, protocol=ESP dst=203.0.113.1) entry to the peer hash table
Successfully added ipsec SA PAIR
IPSec  negotiation done successfully for SA-CFG IPsec for local:192.0.2.1, remote:203.0.113.1  IKEv1

8. Send traffic over the tunnel from Server1 to Host1 and vice versa:

ping 192.168.1.10
PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data.

64 bytes from 192.168.1.10: icmp_seq=1 ttl=63 time=45.9 ms
64 bytes from 192.168.1.10: icmp_seq=2 ttl=63 time=45.2 ms
64 bytes from 192.168.1.10: icmp_seq=3 ttl=63 time=45.5 ms

ping 172.16.1.10
PING 172.16.1.10 (172.16.1.10) 56(84) bytes of data.

64 bytes from 172.16.1.10: icmp_seq=1 ttl=63 time=43.9 ms
64 bytes from 172.16.1.10: icmp_seq=2 ttl=63 time=44.1 ms
64 bytes from 172.16.1.10: icmp_seq=3 ttl=63 time=44.4 ms

Related Articles


Back to Top